Index: net/third_party/nss/ssl/ssl3con.c |
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c |
index 545e51eaada705078cd5f122701b76daf9598570..dd1ac733d7a4272274f89f82863d52e03e3678dd 100644 |
--- a/net/third_party/nss/ssl/ssl3con.c |
+++ b/net/third_party/nss/ssl/ssl3con.c |
@@ -5657,7 +5657,15 @@ ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, |
return rv; |
} |
- |
+PRBool |
+ssl3_CanFalseStart(sslSocket *ss) { |
+ return ss->opt.enableFalseStart && |
+ !ss->sec.isServer && |
+ !ss->ssl3.hs.isResuming && |
+ ss->ssl3.cwSpec && |
+ ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && |
+ ss->ssl3.hs.kea_def->exchKeyType == kt_rsa; |
wtc
2010/02/20 00:39:51
I believe you should compare this with ssl_kea_rsa
|
+} |
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
* ssl3 Server Hello Done message. |
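Review bot: The test `secret_key_size >= 10` in ssl3_CanFalseStart is the only limit on which ciphers may carry application data before the server's Finished is verified, and nothing in the function says so. Until Finished is checked the client cannot tell whether the negotiated suite was tampered with, so the weakest suite this predicate admits sets the effective strength of the early data. A comment such as `/* Require at least 80 bits of secret key: the suite is not yet authenticated when False Start data is sent. */` would make that explicit. The function also reads `ss->ssl3.cwSpec` and dereferences `cipher_def` and `hs.kea_def` without a NULL test or a lock assertion. If callers are not guaranteed to hold the spec lock (not visible here), wrap the expression in `ssl_GetSpecReadLock(ss)` / `ssl_ReleaseSpecReadLock(ss)`.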
@@ -5735,6 +5743,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss) |
ss->ssl3.hs.ws = wait_new_session_ticket; |
else |
ss->ssl3.hs.ws = wait_change_cipher; |
+ |
+ /* Do the handshake callback for sslv3 here. */ |
+ if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { |
+ (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
+ } |
+ |
return SECSuccess; |
loser: |
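Review bot: The comment `/* Do the handshake callback for sslv3 here. */` above the new call in ssl3_HandleServerHelloDone is copied from the completion path and hides what is different here. This invocation runs while the state is still `wait_new_session_ticket` or `wait_change_cipher`, that is, before the server's Finished has been received. An application that treats the handshake callback as proof of a completed, integrity-checked handshake will now act early on any socket with `enableFalseStart` set. I would replace the comment with `/* False Start: run the handshake callback now, before the server's Finished has been verified. */` and document the changed callback timing where the option is described. The function body starts outside the hunk.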
@@ -8509,7 +8523,7 @@ xmit_loser: |
ss->ssl3.hs.ws = idle_handshake; |
/* Do the handshake callback for sslv3 here. */ |
- if (ss->handshakeCallback != NULL) { |
+ if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { |
(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
} |
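Review bot: `!ssl3_CanFalseStart(ss)` is evaluated here a second time, later in the handshake than the call added in ssl3_HandleServerHelloDone, so the two sites agree only if none of the predicate's inputs change in between. If `ss->opt.enableFalseStart` is toggled or `ss->ssl3.cwSpec` is replaced between the two points (inferred, not visible in this diff), the callback could run twice or not at all. Recording in the handshake state that the early callback already ran, and testing that flag here instead of recomputing the predicate, removes the dependency. The enclosing function starts and ends outside the hunk.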